Monthly Archives: March 2011


take advantage of this offer, only a select few will be qualified (10,000). If you don’t get one this time:

“if we can’t send you a router this time, we’ll make sure you’re at the top of the list for the next round.”

You will be supplied a Netgear WNR3500L wireless router which, from the looks of it, has 8MB of flash memory, USB ports, and a 480/453MHz Broadcom (BCM) chipset. Not bad.


Couldn’t find a good article on installing OpenWRT, but I did find two on DD-WRT: here is the installation guide, and here is a guide to installing DD-WRT from the DD-WRT Wiki. Though, I wouldn’t recommend doing it to the router until the testing period has ended and the router is yours to keep!

Some requirements are:

  • You are not a heavy downloader.
  • You are not an employee or a family member of an employee of one of the ISPs being monitored.
  • You need to be on one of the ISPs that we’re measuring.

Who knows about letting The Man buy you a router that is probably snooping? According to them, it isn’t. But who believes the .gov?

“…the unit simply acts as a standard switch or standard router and does not look at any of the packets flowing across your network.”

But, the router looks really easy to hack! So go get it!


Sometimes when running Airodump-NG I have noticed that a CTRL+C SIGINT will leave a final packet that is extremely long! In fact, the broken packet is so long that Aircrack-NG will not run on the PCAP file. How do we fix it? Well, we could just remove the bad packet, but the method described here also trims down the pcap file size, which is welcome if it took you a long time to retrieve the WPA/WPA2 EAPOL handshake.

If you don’t know what any of this means, then shame on you! Go get cracking! And I don’t mean just the passwords! Get the books too! CWSP by CWNP, and 802.11 Wireless Networks by O’Reilly.

Open the bad PCAP file in Wireshark. Sometimes you could use Pyrit to clean up the handshake PCAP file, but that also sometimes makes it incompatible with Aircrack-NG. Here’s why (from the Aircrack-NG documentation):

“Aircrack-ng also requires a valid beacon. Ensure this beacon is part of the same packet sequence numbers. For example, if the beacon packet sequence number is higher than the EAPOL packet sequence numbers from the AP, the handshake will be ignored.”

Also, another beautiful thing about Aircrack-NG (from Aircrack-NG documentation):

“For WPA handshakes, a full handshake is composed of four packets. However, aircrack-ng is able to work successfully with just 2 packets. EAPOL packets (2 and 3) or packets (3 and 4) are considered a full handshake.”

To fix the error, you can use the quick tshark method like so:

tshark -r < input file name > -R "eapol || wlan.fc.type_subtype == 0x08" -w < output file name >

Or you can use Wireshark and filter for the Beacon packets, which are management packets (type 1, class 1) with subtype 8, or in Wireshark’s hexadecimal notation 0x08.

This is, of course, only if your EAPOL and Beacon packets are not corrupted. Here is an amazing article on WPA packet capture explained. You can learn far more from the aforementioned books, but for now…. READ THIS!
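The same cleanup the tshark filter above performs, done by hand so you can see what it keeps and why the Ctrl+C packet breaks things. This is an added example, not code from the original post or from the Aircrack-NG project: it walks a raw pcap of 802.11 frames (link type 105), keeps only beacons (frame type 0 = management, subtype 8, which is the 0x08 in the filter) and EAPOL frames (data frames whose LLC/SNAP header carries ethertype 0x888E), and drops a trailing record whose header claims more bytes than the file actually contains. The sample capture is constructed inline; the helper names and the hard-coded addresses are assumptions.

```python
import struct
PCAP_MAGIC, LINKTYPE_IEEE802_11 = 0xA1B2C3D4, 105
SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"  # LLC/SNAP header carrying ethertype 0x888E (EAPOL)

def frame_kind(frame):  # classify a raw 802.11 frame as "beacon", "eapol" or None
    if len(frame) < 24:  # shorter than a basic MAC header: not a usable frame
        return None
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, fc >> 4
    if ftype == 0 and subtype == 8:  # management frame, subtype 8 = beacon (the 0x08 in the tshark filter)
        return "beacon"
    if ftype == 2:  # data frame; QoS-data subtypes (bit 3 set) have a 2-byte QoS control field
        hdr = 24 + (2 if subtype & 0x8 else 0)
        if frame[hdr:hdr + 8] == SNAP_EAPOL:
            return "eapol"
    return None

def clean_capture(pcap):  # keep only beacon and EAPOL records -> (new_pcap, kept_counts, dropped)
    assert pcap[:4] == struct.pack("<I", PCAP_MAGIC) and pcap[20:24] == struct.pack("<I", LINKTYPE_IEEE802_11)
    out, kept, dropped, off = bytearray(pcap[:24]), {"beacon": 0, "eapol": 0}, 0, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack("<IIII", pcap[off:off + 16])[2]  # captured length of this record
        frame = pcap[off + 16:off + 16 + incl]
        if len(frame) < incl:  # the Ctrl-C artifact: header claims more bytes than the file holds
            dropped += 1
            break
        kind = frame_kind(frame)
        if kind:
            out += pcap[off:off + 16 + incl]
            kept[kind] += 1
        else:
            dropped += 1
        off += 16 + incl
    return bytes(out), kept, dropped

def _frame(fc, seq, body=b""):  # constructed 802.11 frame: FC, duration, 3 addresses, seq ctrl, body
    return struct.pack("<HH", fc, 0) + b"\x00\x11\x22\x33\x44\x55" * 3 + struct.pack("<H", seq << 4) + body

def _rec(frame, claimed_len=None):  # constructed pcap record; claimed_len fakes a bad length field
    n = len(frame) if claimed_len is None else claimed_len
    return struct.pack("<IIII", 0, 0, n, n) + frame

SAMPLE_PCAP = (  # constructed capture: beacon, probe request, two EAPOL-Key frames, then a bogus last record
    struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    + _rec(_frame(0x0080, 10, b"\x00" * 12))                            # beacon
    + _rec(_frame(0x0040, 11))                                          # probe request: dropped
    + _rec(_frame(0x0008, 12, SNAP_EAPOL + b"\x01\x03"))                # EAPOL over a plain data frame
    + _rec(_frame(0x0088, 13, b"\x00\x00" + SNAP_EAPOL + b"\x01\x03"))  # EAPOL over a QoS data frame
    + _rec(b"\x08\x00\x00", claimed_len=60000)                          # header claims 60000 bytes
)
```

On the sample, clean_capture keeps one beacon and two EAPOL frames, drops the probe request and the bogus record, and writes a valid 178-byte pcap that a second pass leaves unchanged.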


Let’s go through the installer, because a lot of people have trouble with Grub2. In this tutorial I will be installing WT3.6 (WEAKERTHAN 3.6) in VMWare Player (which is a free download) to kill two birds with one stone, so to speak.

First, install VMWare (optional). Go to the VMWare site and download it, and register for their site (against your will). Then, register the software via the emails they send you. Even if you use Windows 7 64-bit, you will still have to reboot the machine before using VMWare. Once all of that is out of the way, you can begin making a Virtual Machine instance of WT3.6.

Click “create a new virtual machine.”

Select the ISO from your HDD.

Select “Linux” and “Debian 5” (even though we use version 6, this is okay.)

Allocate system resources to the VM instance.

Boot the ISO.

To change the resolution, first run xrandr on its own:

xrandr

This will show you which resolutions are available. Choose one Width x Height and do:

xrandr -s "1440x900"
fbsetbg -c ~/.wnlatheme/wallpaper/bg.png
killall -9 wbar
wbar -bpress -falfa 25 &

Note: you cannot specify a resolution outside the range listed by the xrandr command. You can change the DPI as well, with xrandr --dpi < size >/< display name (default) >

Now, right click anywhere on the desktop and select “Install WEAKERTHAN to Hard Disk.” This will bring up the advanced installer (which is still rather simple.)

Select /dev/sda and this will start Gparted:

Now, click “Device->Create Partition Table” and create a “/” partition. Make sure you use ext4, set the label to “/”, and leave room for a swap partition.

Once finished, right click on the “Unallocated Space” and choose “New.” Then make a swap partition.

After that, simply hit the “Apply All Pending Changes” button (or choose it from the menu) and you will be told when the process is complete. From here you can exit the application, which will bring back the installer window. Choose sda2 for your swap partition and sda1 for your “/” root partition. Install GRUB2 to the MBR. This is important: installing GRUB2 to a partition will only cause problems, even if the bootable flag for the slice is set in fdisk!

Let the installer finish and then reboot. You should now see the Grub2 screen instead of the ISOLinux screen. If you have trouble booting or you don’t see this screen, please delete the VM Instance file and make a new one. Some of these tools used for the install process and remastering of the ISO will flake out often, and I am sorry if these problems arise. I have been trying diligently to answer as many emails about the subject as possible, and I thank you all for your patience as I research the problems! :)

Have fun!

WEAKERTHAN 3.6 doesn’t come with Nessus due to licensing issues. Installing it, however, is rather simple. Nessus is also pretty huge: you actually can’t install and run it from the Live CD without a huge amount of RAM or tricking the ISO (either ln -s /opt/nessus to a thumbdrive, or remove a ton of things from the live environment: Java, the CUDA libraries, the Wireshark libraries, etc.). You can run:

find / -type f -size +15000k -exec ls -l {} \;

to find large files and destroy them with rm. I tried deleting almost everything from the ISO, and 288MB is still not enough to build the database that Nessus needs, which sucks. I eventually restarted VirtualBox and gave my virtual machine 4GB of RAM. This allowed me to complete the plugin DB process. I had to re-register with Nessus, but that worked fine, even using the same Email address. :)

Simply open Firefox and browse to the Nessus download page, click on the “Download” button, then click “Agree” after reading through the terms of service. Now, click on the “Nessus-4.4.1-debian5_i386.deb (12393 KB)” link to download the Debian package. Once downloaded, open a terminal and type:

mv ~/Downloads/Ness* /appdev && cd /appdev && dpkg -i Nessus*

This will install the app for you. Next, you need to add a user by running /opt/nessus/sbin/nessus-adduser and answering its prompts:

Login: root
Login Password: weaknet
Login Password (again): weaknet
Do you want this user to be a Nessus 'admin' user? (y/n) y

If you try to start the server now, you will get an error:

/etc/init.d/nessusd start

Missing plugins. Attempting a plugin update...
Your installation is missing plugins. Please register and
try again.
To register, please visit

According to the Nessus website:

The Nessus daemon cannot be started until Nessus has been
registered and a plugin download has occurred. By default Nessus
comes with an empty plugin set.

Next, you need to register Nessus. Browse to the registration page and click the “At Home” button, or, if you are using WEAKERTHAN 3.6 to teach your students or at work, choose the “Work” button. Then enter your real name and Email address on the following page. It will automatically Email you a registration code to use. In the Terminal, type the following command (which you can actually copy and paste from the Email sent by Nessus Registration):

/opt/nessus/bin/nessus-fetch --register < ACTIVATION CODE GOES HERE >
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from

Which doesn’t take long at all. You can also follow page 18 of this document for Debian installation.

Now /opt/nessus/sbin/nessusd -R (which rebuilds the plugin database) will work just fine. YOU NEED TO DO THIS TO CONNECT TO THE SERVER VIA Firefox.

Processing the Nessus Plugins

Next, open up Firefox, click “Tools -> Add-Ons” and disable “Certificate Watch.” Browse to the Nessus web interface and click “I understand the risks,” then click the “Add Exception” button. A little window will pop up and you need to hit “Confirm Security Exception.” This may take some time. You can change the configuration file /opt/nessus/etc/nessus/nessusd.conf to not auto_update, which takes some time.

Once you see the login screen, simply login with whatever credentials you used during the nessus-adduser command.
Have fun!


If you navigate through the desktop menu from Pentest->Instant Servers->Vidalia(Tor) it will start the Vidalia application. Next, you can run /etc/init.d/tor start from the command line to start the Tor service. Click on the little onion icon in the top right side of the toolbar:

Now, click the “Start Tor” play button on the Vidalia screen.

Start up Firefox and you will see a “Tor Disabled” label at the bottom right side of the window. Simply click it and it will turn green stating that you are now using Tor.

Exit the browser and start it back up again (I found this helps with some issues). Now you can go to a web page that states your IP address to test your Tor connection. (One such site doesn’t like Tor, for some reason, so try a different one.) Also, if you browse to a site that shows your location, you will notice you may be in a different country! I went from the Philippines to Germany in a matter of minutes.

Here is a link for more information. You can install Privoxy as well, by doing apt-get install privoxy, then start it with privoxy.

Have fun! :)

